Major security flaw LogoFAIL discovered in almost every Windows & Linux device

Rebecca Hills-Duty

Security researchers have discovered a serious vulnerability in UEFI firmware, dubbed LogoFAIL, that could affect every Windows and Linux device.

Users running Windows or Linux are vulnerable to a new type of firmware attack, according to security researchers at Binarly.

This issue affects machines from almost every manufacturer and vendor and is very difficult to avoid or even detect.

The researchers have dubbed the exploit LogoFAIL. It triggers at one of the earliest points of the boot process, embedding itself into the system before most protections, such as Secure Boot, have engaged.

As reported by ArsTechnica, the exploit affects almost all enterprise and consumer-grade PCs running Windows or Linux, on x64-based systems as well as ARM-based ones.

Devices from Lenovo, Dell, and HP have been confirmed to be affected, as well as any motherboard using UEFI firmware from Independent BIOS Vendors (IBVs) such as AMI, Insyde, and Phoenix.

What is UEFI?

UEFI, or Unified Extensible Firmware Interface, is the firmware responsible for booting most modern devices that run Windows or Linux, replacing the older BIOS (Basic Input/Output System).

UEFI loads the operating system faster, but some engineers and technicians have complained that it provides less information for diagnostic purposes.

What is LogoFAIL?

As the name suggests, LogoFAIL specifically uses a logo. You may have noticed that when you boot up your PC, a large splash screen displays the logo of the hardware manufacturer or vendor.

The researchers found that the firmware's image parsers for these logos contain vulnerabilities. An attacker can replace the logo with a crafted image that outwardly looks identical but exploits these parser bugs to gain almost complete control over the device's memory and disk, and from there entry into the operating system.
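As an added illustration, not code from the article or from Binarly, this is the kind of bounds checking a firmware logo parser needs: the naive check trusts the size fields the image supplies, while the hardened check validates them against the real buffer before any pixel is decoded. The uncompressed 24-bit BMP layout, the size ceilings and the `make_logo` sample builder are assumptions, since the article does not name the image formats involved.

```c
#include <stdint.h>
#include <string.h>
#define LOGO_MAX_DIM   4096u                 /* assumed ceiling for a splash logo   */
#define LOGO_MAX_BYTES (16u * 1024u * 1024u) /* assumed ceiling for decoded pixels  */
#define BMP_HDR_LEN    54u                   /* file header (14) + info header (40) */

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Naive acceptance: magic plus a header-sized buffer, then trust every size field. Contrast only. */
int logo_check_naive(const uint8_t *buf, size_t len) {
    return len >= BMP_HDR_LEN && buf[0] == 'B' && buf[1] == 'M';
}

/* Hardened acceptance: every size-bearing field is checked against the real buffer and the other fields. */
int logo_check_hardened(const uint8_t *buf, size_t len) {
    if (!logo_check_naive(buf, len)) return 0;
    uint32_t file_size = rd32(buf + 2), pix_off = rd32(buf + 10);
    int32_t  w = (int32_t)rd32(buf + 18), h = (int32_t)rd32(buf + 22);
    if (file_size != len) return 0;                          /* header lies about its size  */
    if (pix_off < BMP_HDR_LEN || pix_off > len) return 0;    /* pixel offset outside buffer */
    if (w <= 0 || h <= 0 || rd16(buf + 28) != 24) return 0;  /* one simple pixel format only */
    if ((uint32_t)w > LOGO_MAX_DIM || (uint32_t)h > LOGO_MAX_DIM) return 0;
    /* Rows are padded to 4 bytes; 64-bit math so width*height cannot wrap to a small value. */
    uint64_t stride = ((uint64_t)w * 3 + 3) & ~(uint64_t)3;
    uint64_t need = stride * (uint64_t)h;
    if (need > LOGO_MAX_BYTES || need > (uint64_t)(len - pix_off)) return 0; /* truncated */
    return 1;
}

/* Constructed sample: 24-bit BMP with zeroed pixels for real_w x real_h, header claiming claimed_w x claimed_h. */
size_t make_logo(uint8_t *out, size_t cap, int32_t real_w, int32_t real_h,
                 int32_t claimed_w, int32_t claimed_h) {
    size_t stride = ((size_t)real_w * 3 + 3) & ~(size_t)3;
    size_t total = BMP_HDR_LEN + stride * (size_t)real_h;
    if (total > cap) return 0;                /* returns 0 when the buffer is too small */
    memset(out, 0, total);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, (uint32_t)total);      wr32(out + 10, BMP_HDR_LEN);
    wr32(out + 14, 40);                  /* BITMAPINFOHEADER size */
    wr32(out + 18, (uint32_t)claimed_w); wr32(out + 22, (uint32_t)claimed_h);
    out[26] = 1; out[28] = 24;           /* planes, bits per pixel */
    return total;
}

/* Verdict for a real 8x4 logo whose header claims claimed_w x claimed_h (hardened or naive check). */
int demo_verdict(int32_t claimed_w, int32_t claimed_h, int hardened) {
    uint8_t buf[256];
    size_t n = make_logo(buf, sizeof buf, 8, 4, claimed_w, claimed_h);
    if (!n) return -1;
    return hardened ? logo_check_hardened(buf, n) : logo_check_naive(buf, n);
}
```

The naive check accepts every forged header, while the hardened check rejects oversized, negative and truncated dimensions even when the forged values are small enough to pass a plain range check.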

The researchers at Binarly released a proof-of-concept video demonstrating how a LogoFAIL exploit works to compromise a system.

How to avoid infection by LogoFAIL

There is currently no evidence that any of the LogoFAIL exploits have been used in the wild by attackers. Since an infection is hard to spot, however, it is also difficult to confirm one.

Because LogoFAIL relies on image parser vulnerabilities in the boot sequence, devices that use different boot systems, such as Macs and most smartphones, are not vulnerable to it.

Many enterprise-level Dell devices are similarly protected by their implementation of Intel Boot Guard.

For users of equipment from other vendors, advisories are available from AMI, Insyde, Phoenix, and Lenovo, and Binarly researchers have been working with vendors to release a series of UEFI security updates. These patches will be distributed by device manufacturers, so if you have concerns, it is best to contact your device vendor.